Firewall Wizards mailing list archives
Dynamic execution of a script on arrival of a packet
From: Alex Ongena <Alex.Ongena () able be>
Date: 30 Oct 2002 15:14:41 +0100
Hi,

I'm using Linux 2.4.19 and iptables. I'm looking to make a thing like:

- by default, everything is denied in the firewall.
- on arrival of a packet, a 'script' (e.g. perl) is called that evaluates some packet details (like source IP, protocol, port, date and time of arrival, etc.) and can decide to 'add an iptables rule on the fly' to accept this and future packets.
- another script can be run by cron to remove iptables entries when applicable.

The advantage of this script could be that 'acceptance' criteria can be determined more flexibly (for example, checking a database with the relation IP <-> User at a certain moment in time).

I know that one has to guard against DoS from packet flooding, but that can be handled with the iptables --limit extension.

Thanks for any help

alex

PS: I'm new to this list, does there exist a searchable archive?
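A sketch of the decision and cleanup logic the message describes, added here as an example and not taken from the post or from any reply. It assumes packet details reach the script as kernel log lines from a rate-limited iptables LOG rule; the lease table, service policy, rule lifetime and sample line are constructed, and the `active` dict stands in for state shared between the handler and the cron job. Commands are built as argument lists from validated fields, so nothing parsed from a packet is ever passed through a shell.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed stand-in for the "IP <-> User at a moment in time" database.
LEASES = {"192.0.2.10": ("alice", datetime(2002, 10, 30, 8, 0),
                         datetime(2002, 10, 30, 18, 0))}
ALLOWED = {("tcp", 22), ("tcp", 443)}   # constructed service policy
RULE_TTL = timedelta(minutes=30)        # assumed lifetime of a dynamic rule
LOG_RE = re.compile(r"SRC=(\S+) .*?PROTO=(\w+) .*?DPT=(\d+)")
# Constructed sample line in the iptables LOG target's field layout.
SAMPLE = ("Oct 30 15:14:41 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 "
          "DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=22 SYN")

def parse_log_line(line):
    """Return (src, proto, dport) from a LOG line, or None if malformed."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:
        src = str(ipaddress.IPv4Address(m.group(1)))  # reject non-addresses
    except ValueError:
        return None
    return src, m.group(2).lower(), int(m.group(3))

def rule_argv(action, src, proto, dport):
    """iptables argv for inserting (-I) or deleting (-D) the ACCEPT rule."""
    return ["iptables", action, "INPUT", "-s", src, "-p", proto,
            "--dport", str(dport), "-j", "ACCEPT"]

def decide(line, now, active):
    """Return (argv, expiry) for a new ACCEPT rule, or None to keep denying."""
    pkt = parse_log_line(line)
    if pkt is None or pkt in active:          # malformed, or rule already added
        return None
    src, proto, dport = pkt
    lease = LEASES.get(src)
    if lease is None or not (lease[1] <= now < lease[2]):
        return None                           # no user bound to this IP right now
    if (proto, dport) not in ALLOWED:
        return None
    expiry = min(now + RULE_TTL, lease[2])    # never outlive the lease
    active[pkt] = expiry
    return rule_argv("-I", src, proto, dport), expiry

def expire(now, active):
    """Cron side: return delete commands for rules whose expiry has passed."""
    cmds = []
    for pkt, expiry in list(active.items()):
        if expiry <= now:
            cmds.append(rule_argv("-D", *pkt))
            del active[pkt]
    return cmds
```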